[External] Re: forceAuthn with DUO

Hall, Gerry gerry.hall at emory.edu
Thu May 30 11:32:49 EDT 2019

I realize this goes against the model of the SP making the authn request and the IdP honoring that request, but is it possible to force DUO at the IdP for an SP?  If so, can you point me to any relevant documentation?

On 5/30/19, 8:19 AM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:

    The initial-authn feature was already removed from the next version. I don't remember whether it honors ForceAuthn. I seem to recall it didn't at one point, which would probably explain what it's doing, but all that really matters is that it's dead.

    You need to start over from scratch with the MFA feature, unfortunately. By default any login flow run subordinate to that mechanism will honor ForceAuthn unless something more complex is desired.

    -- Scott

    For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
    To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net


This e-mail message (including any attachments) is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination, distribution
or copying of this message (including any attachments) is strictly

If you have received this message in error, please contact
the sender by reply e-mail message and destroy all copies of the
original message (including attachments).

More information about the users mailing list